Hi Eberhard, Ching, You assume that people are not taking paid leave in your calculations. I agree, however, that any additional documentation requirements (or as I call them: useless "make‑work") will detract from the ability to review and action actual reports. Marc, Phishing is by far the most prevalent form of abuse in the reports we receive. While we do not keep formal statistics, I would estimate that it accounts for roughly 90% of the reports of actual DNS abuse we see, malware and botnet reports are a statistical anomaly in comparison. That said, the numbers from a single registrar cannot be used to extrapolate figures across all registrars. I was certainly surprised by that number and initially thought that we must be doing something right, as our figures are significantly lower when measured as abuse reports per registered domain. Sincerely, Volker Greimann General Counsel & Head of Policy and Compliance - Online Division volker.greimann@centralnic.com Office: +49-172-6367025 Web: www.teaminternet.com Team Internet Group PLC (AIM:TIG). Registered Office: 4th Floor, Saddlers House, 44 Gutter Lane, London, United Kingdom, EC2V 6BR. Team Internet is a company registered in England and Wales with the company number 8576358. ________________________________ From: Eberhard W Lisse via Gnso-dnsabuse-pdp <gnso-dnsabuse-pdp@icann.org> Sent: 12 April 2026 12:40 PM To: Bruna Martins dos Santos via Gnso-dnsabuse-pdp <gnso-dnsabuse-pdp@icann.org> Cc: Dns-techs <dns-techs@na-nic.com.na> Subject: [Gnso-dnsabuse-pdp] Re: Fwd: Namecheap phishing report data for 2025 Ching, the figures look small when I ballpark them. As I am playing with vibe coding at the moment, I turned openclaw loose to do the math :-)-O Assuming a 7‑hour business day (people need breaks, especially when dealing with stuff like this), excluding weekends (Sat–Sun), and an average of 5 public holidays and 365 days per year, come to: 1191 business days ≈ 1672 calendar days ≈ 4 years, 7 months aka wo:man-years. 21,420 tickets per wo:man-year 84 tickets per business day per person How much is the going rate these days for such positions? I think it is really helpful to consider what the implementation and operation costs will be of whatever the PDP will prescribe. el -- Dr. Eberhard W. Lisse \ / Obstetrician & Gynaecologist (retired) el@lisse.NA<mailto:el@lisse.NA> / * | Telephone: +264 81 124 6733 (cell) PO Box 8421 Bachbrecht \ / If this email is signed with GPG/PGP 10007, Namibia ;____/ Sect 20 of Act No. 4 of 2019 may apply On Apr 12, 2026 at 02:15 +0200, Ching Chiao via Gnso-dnsabuse-pdp <gnso-dnsabuse-pdp@icann.org<mailto:gnso-dnsabuse-pdp@icann.org>>, wrote: Dear Reg and Owen, Thank you very much for sharing these statistics. To build on this data, let’s consider a scenario where a registrar has 500,000 reported phishing domains and 100,000 confirmed cases. If each confirmed case requires approximately five minutes of processing time to generate an ADC report—considering account, registrant, host, payment information, etc., the total workload for ADC-phishing-cases alone reaches 500,000 minutes, or approximately 8,333 hours or 347 days As Marc noted, this does not account for other types of DNS abuse or the lead time required to vet the initial 500,000 reports to confirm those 100,000 cases. The resulting workload is significant. If we introduce another timeline element—for example, a domain registered on day 1, reported as phishing on day 15, and confirmed on day 30—the ADC is currently proposed to execute on or after day 30. I am curious to hear your thoughts on whether acting on the ADC earlier (e.g., day 15 or 16) would reduce the total processing time, or if it would potentially increase the burden. Any thoughts or comments would be greatly appreciated. Best, Ching […]